Tabloid-Style Headlines Lure Users in “Storm” Worm Attack
Malware writers have been at it again, this time infecting inboxes with tabloid-style Subject lines like “230 dead as storm batters Europe” and “First nuclear act of terrorism!”, Commtouch reported.
“We expect an escalation in spam post-Storm,” predicts Commtouch CTO Amir Lev. “The malware is distributed to set up a network of infected zombie computers, which can then be used to launch massive spam campaigns.”
By creating Subject lines that sound just plausible enough, like “hugo chavez dead”, and attachments with names like “full clip.exe” and “read more.exe”, malware writers are able to lure unwary recipients into clicking on an executable file attached to an email message, using a technique known as social engineering.
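The lure described above, an everyday subject line plus an executable attachment, is the kind of thing a mail gateway can triage before a recipient ever sees it. The following is an added example, not Commtouch code or part of the original article: it parses RFC 822 messages with Python's standard library and flags attachments that carry an executable extension (names with spaces such as “full clip.exe” included) or whose bytes begin with the Windows PE “MZ” marker regardless of the declared name. The sample messages and attachment bodies are constructed here; the “MZ” stub is an inert two-byte marker, not a real binary.

```python
"""Triage e-mail attachments for executables hiding behind a lure subject.

Added example (not the article's or Commtouch's code). Uses only the standard
library; all messages and attachment contents below are constructed samples.
"""
import email
import os
from email import policy
from email.message import EmailMessage

# Extensions Windows will run directly when double-clicked from a mail client.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}


def build_sample_message(subject: str, attachment_name: str, body: bytes) -> bytes:
    """Construct a minimal multipart message with one attachment (sample data)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = subject
    msg.set_content("See attachment.")
    # Attackers typically declare a generic type; the name is what lures the click.
    msg.add_attachment(body, maintype="application", subtype="octet-stream",
                       filename=attachment_name)
    return msg.as_bytes()


def has_executable_extension(filename: str) -> bool:
    """True if the final extension is one Windows executes.

    Trailing dots and spaces are stripped first because Windows drops them when
    saving, and splitext() handles double extensions such as "photo.jpg.exe".
    """
    _, ext = os.path.splitext(filename.rstrip(". "))
    return ext.lower() in EXECUTABLE_EXTENSIONS


def inspect_attachments(raw: bytes) -> list:
    """Return [(filename, [reasons])] for every attachment that looks executable."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        reasons = []
        if has_executable_extension(name):
            reasons.append("executable extension")
        data = part.get_payload(decode=True) or b""
        # Check content, not just the name: a PE image renamed to .txt is still a PE image.
        if data[:2] == b"MZ":
            reasons.append("PE/MZ header")
        if reasons:
            findings.append((name, reasons))
    return findings


def triage(raw: bytes) -> dict:
    """Summarise one message: subject, flagged attachments, and a quarantine verdict."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = inspect_attachments(raw)
    return {"subject": msg["Subject"], "findings": findings, "quarantine": bool(findings)}


if __name__ == "__main__":
    samples = [
        build_sample_message("230 dead as storm batters Europe", "full clip.exe",
                             b"MZ constructed stub, not a real binary"),
        build_sample_message("Quarterly report", "report.pdf", b"%PDF-1.4 constructed"),
        build_sample_message("read more", "read more.txt", b"MZ renamed stub"),
    ]
    for raw in samples:
        print(triage(raw))
```

Blocking on extension alone is what the lure names are designed to slip past, so the content check is the one that matters: a renamed executable still starts with the same two bytes. In a real gateway the same loop would also unpack archive attachments, since the next step attackers take is to wrap the executable in a ZIP.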
The “Storm” worm – named as such because it leveraged the major European storm in its subject line – contains a staggering number of distinct, low-volume variants, which were released from multiple sources simultaneously and successively, at short time intervals. This outbreak seems to follow the trend that developed in 2006 with malware families such as Stration/Warezov, Feebs, Scanio, Tibs/Nuwar, and others.
“In addition to using Subject lines based on current events, this server-side polymorphic worm consists of thousands of distinct variants, ranging from just a few instances (copies of the same code in recurrent messages) to very high volumes of instances per variant,” said Haggai Carmon, Commtouch Vice President of Products. “By distributing so many variants simultaneously, the malware distributors overwhelm signature-based anti-virus engines, effectively guaranteeing that they will not block them.”
Commtouch identified and blocked over 5,000 distinct variants during the first four days of the “Storm” worm activity, and there were time periods during those days when the malware accounted for nearly 17% of all global Internet email traffic.
“Malware writers know they have limited time before an AV signature or heuristic will be created to block any mass-distributed malware, so they break the outbreak into thousands of variants and distribute them in smaller numbers of instances to maximize infection,” Carmon said. “Once AV engines battled to get a signature out within the first few hours of the outbreak; now the hard truth is that even these signatures are becoming ineffective at protecting against the first wave of each new variant. In the time it takes to write and distribute each new signature, thousands of newer variants are launched against which the signature does not protect.”
Commtouch Zero-Hour™ Virus Outbreak Protection detects and blocks email-borne outbreaks like the “Storm” malware in real time, powered by its Recurrent Pattern Detection™ technology. Commtouch’s service is offered to messaging, security and anti-virus vendors for OEM integration as a complementary outbreak detection solution.